CVE-2008-3906: Input Validation
First published: Thu Sep 04 2008(Updated: )
CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mono Project Mono | =1.2.4 | |
| Mono Project Mono | =1.2.1 | |
| Mono Project Mono | =1.9 | |
| Mono Project Mono | =1.2.6 | |
| Mono Mono | =1.1.13.4 | |
| Mono Mono | =1.1.13 | |
| Mono Mono | =1.0 | |
| Mono Mono | =1.1.8.3 | |
| Mono Project Mono | =1.2.3 | |
| Mono Mono | =1.1.17.1 | |
| Mono Mono | =1.2.5.1 | |
| Mono Mono | =1.1.18 | |
| Mono Mono | =1.0.5 | |
| Mono Project Mono | =1.2.5 | |
| Mono Mono | =1.1.13.7 | |
| Mono Project Mono | <=2.0 | |
| Mono Mono | =1.1.17 | |
| Mono Project Mono | =1.2.2 | |
| Mono Mono | =1.1.4 | |
| Mono Mono | =1.1.13.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openwall.com/lists/oss-security/2008/08/27/6
- https://bugzilla.novell.com/show_bug.cgi?id=418620
- http://www.securityfocus.com/bid/30867
- http://secunia.com/advisories/31643
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:210
- http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0286
- http://secunia.com/advisories/36494
- http://www.vupen.com/english/advisories/2008/2443
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44740
- https://usn.ubuntu.com/826-1/
- http://www.securityfocus.com/archive/1/496845/100/0/threaded
- collector/nvd-historical
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/description
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/mono project
- canonical/mono project mono
- version/mono project mono/1.2.4
- version/mono project mono/1.2.1
- version/mono project mono/1.9
- version/mono project mono/1.2.6
- vendor/mono
- canonical/mono mono
- version/mono mono/1.1.13.4
- version/mono mono/1.1.13
- version/mono mono/1.0
- version/mono mono/1.1.8.3
- version/mono project mono/1.2.3
- version/mono mono/1.1.17.1
- version/mono mono/1.2.5.1
- version/mono mono/1.1.18
- version/mono mono/1.0.5
- version/mono project mono/1.2.5
- version/mono mono/1.1.13.7
- version/mono project mono/2.0
- version/mono mono/1.1.17
- version/mono project mono/1.2.2
- version/mono mono/1.1.4
- version/mono mono/1.1.13.6